Information Security Administrator Wanted at Rwandair

RwandAir, established in 2002 is the National Carrier for the Republic of Rwanda. RwandAir mission statement is "to provide unsurpassed, safe and reliable services in air transportation, including strategically linking Rwanda with the outside world, while ensuring a fair return on investment." The majority share holding of the company is the Government of Rwanda.

Position Title : Information Security AdministratorDepartment/Division : Support Services UNIT : ITREPORTS TO : IT Manager

Job Purpose

To protect RwandAir’s IT resources and information assets based on industry best practices and RwandAir’s policies and guidance

Duties and Responsibilities:

• Under the direct supervision of the IT Manager, the duties and responsibilities are as follows;• Contribute to the definition and the elaboration of the information security strategy and policies in support of the RwandAir’s business strategy and direction;• Develop standards, processes, procedures and guidelines that support information security policies;• Identify and analyze risks through suitable methods;• Define and recommend strategies and priority options to mitigate risk to an acceptable level;• Analyze controls and identify significant changes in information risk and report these to the IT Manager;• Perform regular vulnerability assessments to evaluate effectiveness of existing controls. Follow-up vulnerability remediation plan, and ensure that non-compliance issues and other variances are resolved in a timely manner;• Analyze information security issues and apply metrics to measure, monitor, and report on the effectiveness of information security controls and compliance with information security policies;• Promote accountability by business process owners in managing information security risks;• Manage information security projects and manage information security operations;• Prepare budget and terms of reference that support information security programs;• Participate in the implementation of information security programs;• Define and recommend information security baselines;• Participate in negotiation relating to information security products or services;• Develop and deliver effective information security education and awareness to influence culture and behaviour of staff;• Provide expert advices and recommendations in respect of Information Security;• Design, elaborate and implement processes for detecting, identifying and analyzing information security related events;• Recommend response and recovery plans and options to information security related incident;• Implement periodic testing of response and recovery plans where appropriate, and their execution as required;• Document appropriately any information security incidents as a basis for subsequent action including forensics when necessary. Produce post- incident reviews and help to identify causes and corrective actions;• Examine complaints or incidents related to information security, investigate and recommend responses and action plans;• Invite external IT security expert to conduct penetration testing and vulnerabilities test every year.

Education, Skills and Competences Requirements

• A minimum of a Bachelor degree in Information Security Engineering, Computer Science, Information Technology or other strongly related discipline;• Up to date industry certifications (CISSP, CISA, CISM, etc.) covering information security are an added advantage;• A minimum of two (2) years in information security position;• Strong understanding of information risk and Security Control Frameworks;• Ability to craft information security standards, procedures, and guidelines;• Demonstrated understanding of Security Architecture and technologies including Firewalls, IDS/IPS, NAC, Content Filtering, vulnerability assessment, authentication systems, etc;• Excellent analytical, technical and problem solving skills;• Excellent knowledge of various aspects of information security management in a range of areas: risk &compliance, security awareness, incident handling, database, network, operating systems, applications development, etc;• Excellent technical knowledge and experience across multiple platforms and technologies: Windows, Unix, Linux, applications, databases; computer operations, Intranet/Internet, LAN/WAN, etc.• Ability to work within a team and across teams to accomplish common goals;• Excellent written and verbal communications in English/French with a working knowledge of the other language

How to apply:

• An application letter addressed to General Manager -Human Resources;• Recent Curriculum Vitae;• Relevant certificates;• A photocopy of the National identity card;• Two passport photos;• Three referees

The deadline for submitting application documents is October 28, 2016 at 4pm local time at the front desk of our head office located at Kigali International Airport, Top Floor building or on below email address.